EXTOL Secure Exchange


AS2 communications made safe and easy.

EXTOL Secure Exchange (ESX) is a standards-compliant solution for sending and receiving EDI, XML and other data securely over the Internet. It protects the privacy and integrity of your communications with customers, suppliers, remote divisions and other external partners by applying advanced encryption, authentication and non-repudiation methods.

Designed specifically for secure data communications, ESX avoids well-known security exposures inherent in solutions based on commercial HTTP servers. A wide range of security features protects applications, private keys and unencrypted data from external tampering.

EXTOL Secure Exchange has been certified for AS2 compliance and interoperability with other AS2 products by the Drummond Group; giving you the flexibility to conduct e-business communications with any new or existing trading partner that uses an AS2-compliant product.

Secure targets communication requirements including:

Guaranteed Delivery: Partnerships allow the configuration of retry specifications, such as retry-count and elapsed time between retries.

Non-Repudiation: Message Delivery Notifications (MDNs) can be received synchronously or asynchronously on another port.

Drummond Certified Auditing: Documents are tracked through the entire communication session, including retry attempts.

Encryption: Information is secured using industry-standard encryption methods such as DES, 3DES, RC2, AES and CAST5.

Notifications: Secure provides configurable notification events that are fired during the communication process. These events can alert you to partner system-down or configuration issues.

Functional Overview

EXTOL Secure Exchange
EXTOL Secure Exchange (ESX) provides a communications platform that integrates seamlessly with other EXTOL products, such as EXTOL Business Integrator, and EXTOL EDI Integrator for i. ESX also interoperates with other Drummond-Certified AS2 solutions.

ESX facilitates one-to-many and many-to-many partner communications with multi-threaded execution to maximize throughput and minimize latency. A publish/subscribe model is employed to allow flexible configuration of data movement and encourage real-time recognition of data send/receive events. Using proven, platform-independent Java architecture, your investment is protected against platform changes.

Tightly integrated with the EXTOL Integrator products family, ESX manages inbound and outbound communications. Monitoring and auditing information is directly integrated back into the EXTOL EDI Integrator products allowing a complete end-to-end view of your data transaction.

Message payloads can be in any format, including EDI, XML, flat file, signed/encrypted with DES, 3DES, RC2, AES or CAST5. On the IBM i platform, ESX includes I/O support for stream files, delimited files, direct IFS and DB2 access.

ESX communicates using HTTP with S/MIME and SSL. Multiple inbound port support allows the server to handle many simultaneous connections. To ensure that sessions are complete, non-repudiation of origin via MDN tracking and/or signatures is incorporated.

Comprehensive PKI support, including certificate management, key generation, public key importing and key expiration monitoring are integrated into ESX. These features enable seamless integration with your existing security implementation via certificate import and notify an Administrator of certificates approaching expiration.

ESX improves your communications capabilities by automating heterogeneous enveloping and message routing requirements without dedicated directories. It also automates communication retries, error recovery and notification, and MDN receipt monitoring. Outbound communications can be automated from files via customizable polling. Transaction queuing enables continued communications, even when applications are not available.

System Management capabilities include automated email alerts, comprehensive logging and tracking of transactions and sessions, filtered auditing for rapidly locating transactions of interest and configurable controls to prevent runaway files and denial of service with automatic rejection of non-AS2 messages or AS2 sessions from unrecognized partners.

If you require that your ESX server not be exposed to the outside world, EXTOL Proxy Server can be installed in a DMZ or outside the firewall, and safely communicate with an instance of Secure installed behind the firewall. Proxy also has fail-over capability if your primary ESX Server is unreachable. It can be configured to automatically connect with one or more alternate ESX Servers until communications with the primary ESX server are restored. Proxy Server is included with ESX as a separately-installable component.


The EXTOL Secure Exchange (ESX) architecture was designed to loosely-couple its components, allowing the greatest flexibility in configuring the system. By using Channels to link the Partnerships and File Writers/Readers, partnership configurations can re-use the File Writers/Readers to extend the standard input/output capabilities to include Carbon Copy and multiple Subscribers processing for documents. This is useful when 3rd Parties require a copy of the data, eliminating the need for redundant processing steps.

ESX - Product Architecture

ESX utilizes an optimized data-model that encourages reusability and promotes integrations through loosely-coupled Channel and File Reader/Writer relationships.

Security is a concern at every company. ESX can be deployed in many configurations:

  • Behind-the-firewall
  • In a Network De-Militarized Zone (DMZ)
    • Single firewall with DMZ separate from internal network
    • Between two firewalls
  • In conjunction with EXTOL Proxy Server in a DMZ and ESX behind a firewall
  • In front of the firewall

ESX - Implementation Options

To implement ESX and leverage the EXTOL Proxy Server to provide safety, deploy the EXTOL Proxy Server in a DMZ and have it communicate directly with ESX.

This approach isolates the ESX Server safely behind your firewall and ensures that only the EXTOL Proxy Server is exposed to inbound traffic in the DMZ.


EXTOL Secure Exchange Server
The EXTOL Secure Exchange (ESX) product consists of two separately installed parts: ESX Server, consisting of a runtime executive and supporting runtime services.

ESX Client, a graphical interface for configuring all aspects of inbound/outbound communications and monitoring inbound/outbound sessions in near real-time.

In addition to these two primary components, the ESX product package includes supporting components that are invisible to the product user, including an internal database and a dashboard server.


ESX UI Configuration

EXTOL Secure Exchange (ESX) includes a client user-interface designed to simplify the creation and ongoing maintenance of your communication configuration. This section summarizes the key functional areas and features provided at configuration and runtime.


Partners and Partnerships

ESX facilitates communication between your company and your partners through Partnerships. These Partnerships define connectivity parameters such as URLs, compression/encryption policies, Message Delivery Notification (MDN) configurations and Certificate usage.

ESX UI Filesystem


To allow a flexible configuration model, ESX leverages Channels to connect File Writers/Readers and partnerships. This approach allows File Writers/Readers to be re-used across multiple partnership configurations. This capability can also be used to accommodate Carbon-Copy needs of sending the same data to more than one recipient, such as a 3rd party vendor. Channels are also used to link partnerships with the EBI and EEI adaptors.

File-system Interfacing

Files sent and received by ESX are configured using channels and File-system Reader/Writers. The Partnerships are connected to one or more channels allowing a true Publish/Subscribe model to be implemented. This flexibility allows for copies of the same data to be issued to multiple target systems simultaneously.


ESX UI Integration
Integration with EXTOL Business Integrator (EBI) and EXTOL EDI Integrator for i (EEI) is natively supported by ESX. ESX communicates with EBI and EEI using multiple simultaneous threads, in order to maximize throughput. Bi-Directional handshaking and persisted queues prevent loss of communicated data. The handshaking also communicates ESX session status information, which can be audited by EBI and EEI administrators.


ESX imports certificates into a local key-store, allowing selection of separate signing and encryption certificates to be used across Partnership configurations. ESX Server also monitors for expiring certificates and issues a Notification Event to the system administrator, allowing time to obtain an updated certificate.

ESX Server

ESX UI Sessions


For added security, ESX allows for outbound messages to be transmitted over a restricted port range giving you greater control.


Session Management

ESX offers a comprehensive at-a-glance view of session activity showing Process Status and Document Status for transmission information and MDN confirmation.

Notification Management

Managing an ESX system is automated through the use of configurable Notifications. Transaction Processing, File-system activity, Server Status change, EBI/EEI Integration events and Certificate Expiration notifications can be configured to alert the Administrator when a specific event occurs.

Request a Demo

Using EXTOL Secure Exchange

EXTOL Secure Exchange Server
EXTOL Secure Exchange (ESX) is designed to be easy to use for IT professionals. Configuration is simplified through a graphical user interface that provides direct access to Trading Partners, Partnerships and communication objects such as HTTP Ports, Channels, File-system Integration and configurable integration with EXTOL Integrator products. Once configured, ESX is designed to run in a lights-out operational mode, notifying the Administrator of events that require attention.

The basic ESX Life-cycle comprises a handful of stages:

  1. Import certificates received from partner(s).
  2. Create or reuse objects required to implement the desired communication process, including Trading Partners, Partnerships, HTTP Ports, and Channels.
  3. Test, and if necessary, modify objects in the process until the desired communications interaction behavior is achieved.
  4. Monitor the execution of transactions in ESX using the Session Monitor or in EXTOL Integrator applications.
  5. As business needs change, modify configured objects, test, and redeploy to meet new requirements.
System Requirements

EXTOL Secure Exchange (ESX) is available on multiple platforms with identical functionality, giving you freedom of platform choice. The tables below show the runtime requirements for the ESX system:

  Secure Server
Operating System Windows, i OS, Linux
* See Policy on Operating System Support for Java-Based Products for more details.

RAM 2 GB or greater

Disk space Minimum 500 MB plus storage for logs, session-data and related objects

Other Minimum 1024 x 768 monitor resolution
JDK 1.6 (included with product)

  Secure Client
Operating System Windows, Linux
* See Policy on Operating System Support for Java-Based Products for more details.

RAM 1 GB or greater

Disk space Minimum 200 MB

Other Minimum 1024 x 768 monitor resolution
JDK 1.6 (included with product)

* The following additional requirements apply to installation of ESX on IBM i OS (i5/OS):

  • Java PTFs (levels and options vary by OS release)
  • QShell Interpreter
  • PASE Environment (required if the Secure client is run directly on IBM i OS)
  • iSeries Tools for Developers
  • Crypto Access Provider 128-bit for AS/400

For IBM i OS installations, EXTOL provides the no-charge, automated EXTOL Readiness Suite, which analyzes your system configuration and identifies which of the PTFs and optional product features required for Secure operation are not currently installed on your system.

Reasons to Choose EXTOL Secure Exchange
  1. Eliminate VAN charges – reduce your operating costs by moving your data transmissions from Value-Added Networks to direct encrypted communications over the Internet.

  2. Securely transmit your sensitive data – ESX employs DES, 3DES, RC2, AES and CAST5 and other encryption protocols, transmitting your data safely.

  3. Improve transaction turn-around time - Improve your ROI with asynchronous delivery/processing or documents and MDNs.

  4. Enforce data communications standards such as Encryption and Compression with Trading Partners – Automate trading partner governance for Incoming data transmissions by automatically checking each document to ensure that it meets your communication requirements.

  5. Enforceable Non-Repudiation - via locally-processed Message Delivery Notifications (MDN).

  6. Direct Integration with EXTOL Products – Both EXTOL Business Integrator and EXTOL EDI Integrator for i directly integrate with ESX, offering visibility into communications sessions from each product.

  7. Lightweight Server does not require large Hardware Investment – the ESX server runs under modest resource requirements of 4GB of memory and as little as 500MB of disk space (depending on data-retention policies).

  8. Resides behind the firewall, in a DMZ, or a hybrid using EXTOL Proxy Server – ESX can be installed anywhere in your network configuration to accommodate your specific security needs.

  9. Consolidate - communications activity to one platform.

  10. World-Class Customer Support – Backed by EXTOL’s Customer Services Group, you can rest assured that your questions will be addressed in a timely manner.

Request a Demo

Home   |   Solutions   |   Industries   |   Products   |   Services   |   Partners   |   About EXTOL   |   Resource Center   |   Blog   |   Contact Us   |   

© Copyright 2014 EXTOL International Inc. All Rights Reserved.      Sitemap   |   Terms of Use   |   Privacy & Security